Refactor Git access checks

Review changes
Download
Patches
Plain diff

Patrick Steinhardt requested to merge pks-git-access-refactoring into master May 10, 2021

Overview 1
Commits 11
Pipelines 1
Changes 27

What does this MR do?

Git access checks are currently very tightly tied to the fact that they all operate on a single change. This makes it really hard to bend access checks to instead work on all changes at once. Obvious candidates for this are the LFS checks (which currently work on the first ref only, which is wrong) and the Diff checks (which are currently computed per ref, which isn't really correct either). Both of these can instead operate on all refs at once.

This MR refactors access checks to not embed the change in the checkers themselves, but instead to hand them down. This grants the ability to extend checks and also have them to the batched check at a later point.

Part of #330324 (closed)

Does this MR meet the acceptance criteria?

Conformity

I have included a changelog entry, or it's not needed. (Does this MR need a changelog?)
I have added/updated documentation, or it's not needed. (Is documentation required?)
I have properly separated EE content from FOSS, or this MR is FOSS only. (Where should EE code go?)
I have added information for database reviewers in the MR description, or it's not needed. (Does this MR have database related changes?)
I have self-reviewed this MR per code review guidelines.
This MR does not harm performance, or I have asked a reviewer to help assess the performance impact. (Merge request performance guidelines)
I have followed the style guides.

Availability and Testing

I have added/updated tests following the Testing Guide, or it's not needed. (Consider all test levels. See the Test Planning Process.)
I have tested this MR in all supported browsers, or it's not needed.
I have informed the Infrastructure department of a default or new setting change per definition of done, or it's not needed.

Security

Does this MR contain changes to processing or storing of credentials or tokens, authorization and authentication methods or other items described in the security review guidelines? If not, then delete this Security section.

Label as security and @ mention @gitlab-com/gl-security/appsec
The MR includes necessary changes to maintain consistency between UI, API, email, or other methods
Security reports checked/validated by a reviewer from the AppSec team

Merge request reports

Assignee Loading

Reviewers Loading

Request review from

Loading

Time tracking Loading

Loading